
Security in the Cloud

Date post: 08-Jun-2015
Upload: prabath-siriwardena
Description: "Security in the Cloud" - webinar slides, 27th Oct 2011
Prabath Siriwardena – Software Architect, WSO2
Transcript
Page 1: Security in the Cloud

Prabath Siriwardena – Software Architect, WSO2

Page 2: Security in the Cloud

Why?

Page 3: Security in the Cloud

Cloud Computing

Page 4: Security in the Cloud

Cloud Computing

Page 5: Security in the Cloud

As a Service?

Page 6: Security in the Cloud

As a Service?

Pay per use
Self-service provisioning
Resource sharing
Unlimited resource

Page 7: Security in the Cloud

• In public
  – IaaS, PaaS, SaaS available on the Internet
  – Use one of the cloud service providers
  – Information is stored and managed by the provider under an SLA
• In private
  – Have a cloud in-house
  – IaaS provided by hardware in your data centers
  – PaaS running on your IaaS
  – SaaS executing on your PaaS
• Or use both: Hybrid Cloud

Page 8: Security in the Cloud

Enterprise IT in 2010

Page 9: Security in the Cloud

Enterprise IT in 2015+

Page 10: Security in the Cloud

What do you expect from a platform?

Page 11: Security in the Cloud

• Public Cloud
  – Fast time to market
  – Makes it easier to write scalable code
• Private Cloud
  – Give each team their own instant infrastructure
  – Govern centrally but code and deploy by team
  – Automated governance, registry, identity
  – Instant BAM

Page 12: Security in the Cloud
Page 13: Security in the Cloud

• Distributed / Dynamically Wired (works properly in the cloud)
  – Finds services across applications
  – Reuse services from other departments, e.g. people information required by all of Finance, Engineering and Sales
• Elastic (uses the cloud efficiently)
  – Scales up and down as needed
  – Some departments might want varying resources with varying bandwidth with varying priority
• Multi-tenant (only costs when you use it)
  – Virtual isolated instances to facilitate isolation between departments etc., e.g. Sales vs. Finance tenants; Finance wants complete isolation for some sensitive services
• Self-service (in the hands of users)
  – De-centralized creation and management of tenants
  – No need to come to the IT department to gain access; served via a portal, no need to be on a queue or waiting list
• Granularly Billed and Metered (pay for just what you use)
  – Allocate costs to exactly who uses them
  – Bill and cost various departments per use
  – Get rid of situations where unused computing assets lie in one department while other departments are starving for the same
• Incrementally Deployed and Tested (supports seamless live upgrade)
  – Does not disrupt other operations

Page 14: Security in the Cloud
Page 15: Security in the Cloud
Page 16: Security in the Cloud

Control per layer in IaaS (the letters F, N, L and M are the slide's own markers and no legend survives in the transcript; the first run of markers is read as the Organization column and the second as the provider's, which matches the responsibility table on Page 19):

Layer         Organization   IaaS Provider
Application   F              N
Middleware    F              N
Guest OS      F              N
Hypervisor    N              F
Storage       N              F
Hardware      N              F
Network       N              F

Page 17: Security in the Cloud

Control per layer in PaaS (markers as on the slide; same reading of the columns as on Page 16):

Layer         Organization   PaaS Provider
Application   L              M
Middleware    L              M
Guest OS      N              F
Hypervisor    N              F
Storage       N              F
Hardware      N              F
Network       N              F

Page 18: Security in the Cloud

Control per layer in SaaS (markers as on the slide; same reading of the columns as on Page 16):

Layer         Organization   SaaS Provider
Application   L              M
Middleware    N              F
Guest OS      N              F
Hypervisor    N              F
Storage       N              F
Hardware      N              F
Network       N              F

Page 19: Security in the Cloud

Who is responsible for each layer:

Layer          IaaS               PaaS               SaaS
Data           Organization       Organization       Organization
Applications   Organization       Shared             Service Provider
Systems        Service Provider   Service Provider   Service Provider
Storage        Service Provider   Service Provider   Service Provider
Network        Service Provider   Service Provider   Service Provider

Page 20: Security in the Cloud

[Figure: IaaS, PaaS and SaaS placed along an axis labelled "More Control"]

Page 21: Security in the Cloud

Private vs. public cloud:

                 Private                  Public
Compliance       Organization             Service Provider
Governance       Organization             Service Provider
Security         Organization             Service Provider
Operations       Organization             Service Provider
Risk             Organization             Shared
Cloud Owner      Organization or leased   Service Provider
Use limited to   Organization             Public

Page 22: Security in the Cloud

[Figure: Private, Hybrid and Public clouds placed along an axis labelled "Ownership"]

Page 23: Security in the Cloud
Page 24: Security in the Cloud
Page 25: Security in the Cloud
Page 26: Security in the Cloud

Multi-tenancy

Page 27: Security in the Cloud

• Can be used to give departments their own PaaS world to operate in
• Yet all share the same hardware resources
  – Not all departments need resources at the same time
  – Really pay per use
  – Opportunity to unify departmental-level small server pools
• Drastically reduce admin/management costs
  – One software installation to maintain
• Use differentiated QoS

Page 28: Security in the Cloud

Multi-tenancy

• Three possible ways
  – Machine per tenant
  – VM per tenant
  – Share machine/VM across tenants
• Challenges
  – Data isolation
  – Logic isolation
  – Security

Page 29: Security in the Cloud

Multi-tenancy Data Isolation – Separated DB

Page 30: Security in the Cloud

Multi-tenancy Data Isolation – Shared DB / Separate Schema

Page 31: Security in the Cloud

Multi-tenancy Data Isolation – Shared DB / Shared Schema

Page 32: Security in the Cloud

Data Access - Security Patterns: Trusted Database Connections

Page 35: Security in the Cloud

Data Access - Security Patterns: Secure Database Tables

-- a tenant's database user is granted rights on that tenant's table only
GRANT SELECT, UPDATE, INSERT, DELETE ON [TableName] TO [UserName]

Page 36: Security in the Cloud

Data Access - Security Patterns: Tenant View Filter

CREATE VIEW TenantEmployees AS SELECT * FROM Employees WHERE TenantID = SUSER_SID()
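The secure-table and view-filter patterns from the two slides above, carried through as one complete T-SQL setup so that the database rather than the application enforces tenant isolation. This is an added example, not from the deck; it assumes SQL Server, and the table, view, login and user names are hypothetical.

```sql
-- Added example (not from the slides). Assumes SQL Server; all object names are hypothetical.

-- Shared database, shared schema: every row is tagged with the owning tenant's login SID.
CREATE TABLE dbo.Employees (
    EmployeeID INT IDENTITY PRIMARY KEY,
    TenantID   VARBINARY(85) NOT NULL DEFAULT SUSER_SID(),  -- same type SUSER_SID() returns
    Name       NVARCHAR(100) NOT NULL
);
GO

-- One login per tenant; the application connects as the tenant, not as a shared account.
CREATE LOGIN TenantA_Login WITH PASSWORD = '<placeholder: set a strong password>';
CREATE USER TenantA_User FOR LOGIN TenantA_Login;
GO

-- The filter lives in the view, so a forgotten WHERE clause in application code
-- cannot return another tenant's rows. WITH CHECK OPTION also rejects an INSERT or
-- UPDATE through the view that would produce a row the view itself could not see.
CREATE VIEW dbo.TenantEmployees AS
    SELECT EmployeeID, TenantID, Name
    FROM dbo.Employees
    WHERE TenantID = SUSER_SID()
    WITH CHECK OPTION;
GO

-- Grant on the view only. With no GRANT on dbo.Employees, a direct SELECT
-- on the base table by the tenant user fails with a permission error.
GRANT SELECT, UPDATE, INSERT, DELETE ON dbo.TenantEmployees TO TenantA_User;
GO

-- Exercise the pattern as the tenant (impersonation here only stands in for a
-- session that was opened with the tenant login).
EXECUTE AS LOGIN = 'TenantA_Login';
INSERT INTO dbo.TenantEmployees (Name) VALUES (N'Alice');  -- TenantID defaults to this login's SID
SELECT Name FROM dbo.TenantEmployees;                      -- returns only Tenant A's rows
-- INSERT INTO dbo.TenantEmployees (TenantID, Name) VALUES (0x01, N'Mallory');
--   would be rejected: the row would not satisfy the view's filter (CHECK OPTION)
REVERT;
```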

Page 37: Security in the Cloud

• Data Confidentiality/Integrity/Availability
• Data Lineage
• Data Provenance
• Data Remanence

Page 38: Security in the Cloud

Data Confidentiality/Integrity/Availability

                  Storage                Processing               Transmission
Confidentiality   Symmetric Encryption   Homomorphic Encryption   SSL
Integrity         MAC                    Homomorphic Encryption   SSL
Availability      Redundancy             Redundancy               Redundancy

Page 39: Security in the Cloud

Homomorphic Encryption

The slide illustrates the idea with a toy cipher: "cloud security" is shown beside "forxg vhfxulwb", the same text with every letter shifted three places, and then word by word ("cloud" → "forxg", "security" → "vhfxulwb"), showing that the encrypted text keeps the word structure of the plaintext.

Page 40: Security in the Cloud
Page 41: Security in the Cloud

Vendor   CVE
KVM      32
QEMU     23
VMWare   126
XEN      86

• VM Escape (host code execution)
• Guest code execution with privilege

Page 42: Security in the Cloud

• Identity Management
• Access Management
• Key Management
• System & Network Auditing
• Security Monitoring
• Security Testing & Vulnerability Remediation
• System & Network Controls

Page 43: Security in the Cloud

Identity Management

• Controls over identity information
• Strong Identity Management system for cloud personnel
• Large-scale needs for authenticating cloud tenants and users
• Federated Identity
• Audits for legal activities
• Identity Recycle?
• Means to verify assertions of identity by cloud provider personnel

Page 44: Security in the Cloud

Access Management

• Cloud personnel shall have restricted access to the customer data
• Multifactor authentication for highly privileged operations
• Large-scale needs for authenticating cloud tenants and users
• Least privileged principal and RBAC
• White-listed IPs for remote access by cloud personnel

Page 45: Security in the Cloud

Key Management

• Encryption is the key to protecting data in transit and at rest
• All keys secured properly
• Effective procedures to recover from compromised keys
• Effective procedures for key revocation

Page 46: Security in the Cloud

System & Network Auditing

• All security-related events must be recorded with all relevant information
• Generated audit events must be logged in near real time
• Integrity & confidentiality of audit logs should be protected
• Audit logs need to be securely archived

Page 47: Security in the Cloud

Security Monitoring

• Generation of alerts in recognition of a critical security breach
• Delivery of security alerts through different means, securely
• Cloud-wide intrusion and anomaly detection
• Periodic checks to make sure the monitoring system runs healthy

Page 48: Security in the Cloud

Security Testing

• Well-defined set of security test cases
• Separate environments for development, testing, staging and production
• Patch management

Page 49: Security in the Cloud

System & Network Controls

• Should be implemented for infrastructure systems
• Network isolation between different functional areas in the cloud
• Assure the integrity of OSes, VM images and infrastructure applications
• Isolation between different VMs

Page 50: Security in the Cloud

• Abuse & nefarious use of cloud computing
  – Password/key cracking, DDoS, CAPTCHA-solving farms, building rainbow tables
• Insecure interfaces and APIs
• Malicious insiders
• Shared technology issues
• Data loss and leakage
• Account or service hijacking
• Unknown risk profile

Page 51: Security in the Cloud

Recommended